IP Cop Help

soulfusion · Mar 13, 2006, 02:12 PM

Hi guys

I recently got adsl with a router.

This is the problem. The router will only let my client machine connect if its giving out DHCP. If I use static with the router as default gateway I can do anything on the net.

I am now trying to setup an ipcop(1.4.6) machine.

I have given the router an address of 20.0.0.x subnet: 255.255.255.0

I have then made the red interface receive on DHCP.

My green interface is on 192.168.31.x subnet 255.255.255.0

It connects to a switch and in turn my client is on the same switch

I am running my client on a static ip on the same range as the green interface.

My client can't get onto the net

If I am doing summin wrong please let me know and if it might be the router.

Another thing my network looks like this

router-----red-----green-----switch------client

Must all the cables be straight or must some be crossover.

Any help will be greatly appreciated
Thanks

ScottGem · Mar 13, 2006, 02:18 PM

You just can't give our IP addresses. There are 2 types of IPs, Public and Private. Public addresses are given out by ISPs and other such entities. These entities have contracted with one of the regional registrars to own a block of IPs. Such IPs MUST be provided one of these entities.

Private adddress are within a couple of ranges. Ones is the 192.168 range. These IPs are to be used interanlly within a LAN and are not directly addressable by the NET. A Router with NAT (Network Address Translation) will manage the translation of the private local addresses to the one public Address provided by the broadband modem.

Most broadband modems use the 192.168 range with the router having 192.168.1.1.

Crossover cables are necessary to connect one NIC directly to another. Some older hubs and switches required a crossover when daisy chaining. But most current ones incldue an uplink port.

cajalat · Mar 13, 2006, 05:59 PM

Scott's right... you can't really choose your own IP's unless they belong to RFC1918 space. At least not if you don't want to have any conflicts with other sites.

So let me see if I can answer some of your other questions...

1. Cables. If you connect similar devices then you need a cross-over cable. i.e. Router to Router, Switch to Switch, PC to PC then you'll need a cross-over cable. If you connect a Switch to Router, a PC to Switch then you need a regular ethernet cable. That's the general rule and there are always exceptions of course.

2. You said that you're going to be running IPCOP. That requires a dedicated PC with two network cards. I'm assuming that in your diagram the RED is the external interface of your IPCOP and GREEN is the internal interface. So in this case I would let the router give out a DHCP address to your IPCOP machine on the RED interface. Then you'll need to configure IPCOP to give out an IP address on the GREEN interface. You also need to disable any DHCP on your Switch (if it does more than just switch). Your IPCOP will also need to be configured to do NAT'ing and of course your Router will be doing NAT'ing as well.

Now, you can use the same IP subnet on the RED network and the GREEN network and that will work because of the double NATing but I don't recommend you do that since a) it could get confusing if you're new and b) there's plenty of other IP space. If the router uses 192.168.0.0/16 then choose something else in either the 10.0.0.0/8 or 172.16.0.0/12 ranges.

If you want to assign IP's manually then you'll need to make sure of the following:

- Your router is setup to NAT on the RED side

-- You can route through it on the RED side

-- Suggest you use 192.168.1.0/24 subnet

--- 192.168.1.1/24 for your router (this is the GW for your IPCOP RED side)

--- 192.168.1.2/24 for your RED interface on your IPCOP

- Your IPCOP is setup to NAT on the GREEN side

-- You can route through it on the GREEN side

-- Suggest you use 10.0.0.0/24 subnet

--- 10.0.0.1/24 for your GREEN interface on your IPCOP (this is your PC's GW address also)

--- 10.0.0.x/24 for your internal hosts

As you can see static is more complex but doable if that's what you really want to do.

Now having said all of that. Why do you want to use your Router AND IPCOP? I would personally use only one of them (I'd use the IPCOP).

Hope that helps.

Casey

cajalat · Mar 13, 2006, 06:33 PM

Correction: You can't use the same subnet on your RED/GREEN nets. They need to be different. Sorry for the confusion. I was thinking there was one additional hop that separates the RED/GREEN networks.

Casey

cajalat · Mar 13, 2006, 07:38 PM

ScottGem agrees: Great info. Glad someone knew what IPCOP was ;) But I believe most modern network devices have uplink ports to allow using regular cables to daisy chain

Thanks Scott :) You're right about the uplink. Now-a-days a lot of home-grade devices have ports capable of MDI or MDI-X. MDI stands for Media Dependent Interface (X is for cross-over). These ports basically can either be manually switched or auto-switch from MDI to MDI-X depending on the device. It is a cool feature. So you can basically use either a standard ethernet cable or a cross-over cable (both will work). I work mostly with Enterprise grade switches (Catalysts 6500's, 4500's, etc) which do not do auto MDI/MDI-X. I'm not saying that I want those kinds of features in an Enterprise environment but when in a pinch it would have come in handy. Had to resort to MacGyvering a cable :o

Casey

Add your answer here.